ABB WebWare Server Vulnerability

Wednesday, April 4, 2012 @ 06:04 PM gHale


There is a buffer overflow vulnerability in multiple components of the ABB WebWare Server application which has holes in the COM and scripting interfaces, according to a report from ICS-CERT.

After learning about the vulnerabilities from independent researchers Terry McCorkle and Billy Rios, ABB followed up with an investigation and discovered these components see use in multiple ABB legacy products.

RELATED STORIES
Wonderware Fixes Security Holes
Rockwell Patches FactoryTalk
Ecava Patches IntegraXor Vulnerability
GE Patches Series of Vulnerabilities
Multiple Holes with xArrow

Because these are legacy products nearing the end of their life cycle, ABB does not intend to patch these vulnerable components.

The following ABB products suffer from the issue:
• WebWare Server: All versions of included Data Collector and Interlink
• WebWare SDK: All versions
• ABB Interlink Module: All versions
• S4 OPC Server: All versions
• QuickTeach: All versions
• RobotStudio S4: All versions
• RobotStudio Lite: All versions.

Successfully exploiting these vulnerabilities could lead to a denial-of-service for the application and privilege escalation or could allow an attacker to execute arbitrary code.

The legacy WebWare software products include a number of COM and ActiveX controls. These controls are together in the products to facilitate communications with the robot controller or the WebWare Server and may run as services on the PC. Other controls provide graphical elements for web pages and custom human-machine interfaces (HMIs).

The above products see use in several different roles in a factory environment. WebWare Server does data gathering and backup handling. WebWare SDK, ABB Interlink Module, and S4 OPC Server work in HMIs and communications to and from a robot controller. QuickTeach, RobotStudio S4, and RobotStudio Lite are PC tools for training, installation, and programming of a robot cell.

Multiple components of the ABB WebWare Server application contain a buffer overflow vulnerability, McCorkle and Rios said. The legacy PC products WebWare Server, WebWare SDK, and other legacy products that include parts of WebWare contain a number of COM and ActiveX components that contain vulnerabilities in the COM and scripting interfaces, ABB said.

STACK-BASED BUFFER OVERFLOW
The COM and ActiveX controls included in the software do not provide adequate checking of input data. A user or program could call one of the controls’ interfaces with specially crafted input data that can overflow the stack pointer or cause the control to stop execution. The ActiveX controls have been registered as scriptable, which means they can be included and scripted from remotely served web pages. CVE-2012-1801 is the number assigned to this vulnerability. ABB said there is a CVSS Overall Score of 7.7.

The vulnerability in these components is remotely exploitable, but there are no known exploits specifically target the components.

ABB said the WebWare Server and products listed above are legacy products nearing the end of their life cycle and no longer actively supported. Users of these products should go to the available documentation on mitigating risk and securing their machines and production environments. Because these are legacy products, ABB does not intend to patch these vulnerable components.

ABB did release a customer advisory.

In addition, ABB also released a whitepaper on WebWare Component security.

ABB said users should review those documents and implement the recommendations provided.

In addition, ABB customers using these products may contact their local ABB Robotics service organization. Questions or responses on cyber security go to: cybersecurity@ch.abb.com.



Leave a Reply

You must be logged in to post a comment.